In 2012, fake flight reservation confirmations and bogus E-ticket verifications were a popular social engineering theme for cybercriminals. On numerous occasions, we intercepted related campaigns attempting to trick customers into clicking on malicious links, which ultimately exposed them to the client-side exploits served by the latest version of the Black Hole Exploit Kit.

Apparently, the click-through rates for these campaigns were good enough for cybercriminals to resume spamvertising related campaigns. In this post, I’ll profile the most recently spamvertised campaign impersonating U.S. Airways.

More details:

Sample screenshot of the spamvertised email:

Sample compromised URLs part of the campaign: